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DETAILED ACTION 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth 
in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
9/23/09 has been entered. 

Response to Arguments/Amendments 

2. In light of applicant's amendment the 35 USC § 1 01 rejections cited in the previous 
Office Action towards claims 1,4,6-11, 14-20, 22 and 24-29 and 40-49 are 
withdrawn. However claims 30-31 and 34-39 remain rejected as directed towards 
the non statutory subject matter. Additionally, the updated search resulted in the 
newly discovered art that is cited below. 

Claims 1 , 4, 6-1 1 , 14-20, 22, 24-31 , 34-41 and 43-49 have been examined. 

Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

The claimed invention cited in claims 30-31 and 34-39 is directed to non-statutory 
subject matter. 
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3. Claims 30-31 and 34-39 claim computer program product comprising a computer- 
readable storage medium. However, in order to meet the requirements of the 
patentability, software must be embodied on non-transitory computer-readable 
storage medium. Although the specification offers examples of such computer- 
readable storage media type (i.e. CD-ROM, ROM), the specification expressly notes 
that these examples are "non-exclusive" and a skilled artisan would recognize that, 
as a result, the "computer-readable storage medium" cited in the preamble permits 
the non-statutory embodiment media, such as carrier wave or a signal. 

Appropriate correction is required. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S. C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 40-41 and 43-49 are rejected under 35 U.S.C. 112, second paragraph, as 

failing to set forth the subject matter which applicant(s) regard as their invention. 

4. Claims 40-41 and 43-49 are drafted using "means plus function" limitations. 
However, the examiner did not find correlation of the specific "means" to the 
disclosed structure, acts, or materials to carry out the recited functions in the 
specification. It is noted that even though claims 20, 22, 24-26, 30-31 and 34-36 as 
well as the specification (see the corresponding USPUB 2005/0129019, paragraph 
68-69, for example) clearly suggest the claimed functionality being realized in 
software, no computer code (either specific or a pseudo-code) is offered in the 
specification that would support the claimed "means". Thus, the examiner is unable 
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to interpret the exact scope of claim limitations under 35 U.S.C. 1 1 2, sixth 
paragraph. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 10-11, 14-16, 20, 22 and 24-26 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Daruwalla (USPN 6693878). 

The applied reference has a common assignee with the instant application. Based 
upon the earlier effective U.S. filing date of the reference, it constitutes prior art under 35 
U.S.C. 102(e). This rejection under 35 U.S.C. 102(e) might be overcome either by a 
showing under 37 CFR 1.132 that any invention disclosed but not claimed in the 
reference was derived from the inventor of this application and is thus not the invention 
"by another, " or by an appropriate showing under 37 CFR 1. 131. 

5. As per claim 10, Daruwalla teaches assigning a security group identifier (SGI) to a 
packet, wherein said SGI is assigned based on a security group of a sender of said 
packet (see SID in Fig. 7) classifying said packet based on said SGI (When CMTS 
324 receives the packet from CM3, the CMTS identifiers the SID associated with the 
packet and consults the SID/VPN mapping table 700 (FIG. 7) to determine if the 
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identified SID is associated with aparitualcur VPN/sub-interface, col. 15 lines 7-12), 
determining a routing of said packet, wherein said determining is based on said SGI 
(In a specific embodiment, the SID is pre-pended to the EP packet, and is part of the 
MAC header in the packet. In this example of Fig. 3A, the CMTS will determine that 
the SID identifying cable modem CM3 is associated with the virtual private network 
VPN1, col. 15 lines 13-17), and forwarding said packet via a tunnel identified by said 
routing, if forwarding a packet having said SGI via said tunnel is permitted (Next, the 
CMTS examines the packet's routing information in order to determine the 
destination IP address of the packet. Once the destination IP is obtained the CMTs 
then consults the VRF Table associated with VPN1 (e.g. Table 800 of Fig. 8), in 
order to determine whether the packet's destination IP address falls within any of the 
recognized destination IP address ranges specified by the VPN1 VRF Table 800. 
Presumably, in the example of Fig. 3A, the packet's destination IP address will fall 
within any of the recognized destination IP address ranges specified in the VPN1 
VRF Table (e.g. IP address range [Rangel]), and the CMTS will route the packet 
using an MPLS protocol, to the specified next hop (e.g. Next Hp1). The packet will 
eventually travel from the CMTS 324 to the VPN1 CE device 352 along a MPLS 
VPN communication path 31 1 , see col. 15 lines 1 8-32). 
6. As per claims 1 4-1 5, Daruwalla discloses assigning a security group identifier (SGI), 
determining a routing of the packet based on the SGI and sending the packet (When 
the CMTS 324 receives the packet from CM3, the CMTS identifies the SID 
associated with the packet from CM3, the CMTS identifies the SID associated with 
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the packet and consult the SID/VPN mapping table 700 (Fig. 7) to determine if the 
identified SID is associated with a particular VPN/sub-interface... Next, the CMTS 
examines the packet's routing information in order to determine the destination IP 
address of the packet. Once the destination IP is obtained, the CMTS then consults 
the VRF Table associated with VPN1 (e.g. Table 800of Fig. 8), in order to determine 
whether the packet's destination IP address ranges specified by the VPN VRF Table 
800 ... and [if does] route the packet, see col. 15 lines 5-35). Furthermore, the VRF 
Table (example shown in Fig. 8) comprising SGI and Tunnel ID field (i.e. VPN1) 
meets the limitation of ACL and as seen in Fig. 7 and 8 and discussed in col. 15 
lines 5-35, Daruwalla teaches an index comprising SGI used to access the ACL (see 
col. 15 lines 5-35 cited above). 

7. As indicated above, the routing of the packet via a particular tunnel equated to the 
result of the classification stage meets the limitation of claim 1 1 . Alternatively, either 
a set or a subset of mapping Tunnel ID to SID/IP address ranges, taught in col. 15 
lines 5-35 meet the limitation of classifying of the packet. 

8. As per claim 1 6, CM and CE Device (i.e. 306 and 352) meet the limitations of an 
ingress and an egress routers; However, it is noted that, alternatively, in the 
broadest reasonable interpretation the Head End 322 could also meet the limitation 
of an ingress router (see Fig. 3, Fig. 3 A and B and associated text). 

9. Claims 20, 22, 24-26 are substantially similar to claims 1 0-1 1 and 1 4-1 6 (computer 
system functionalities are achieved by processors running computer code stored on 
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computer readable storage medium); thus, claims 20, 22, 24-26 are similarly 
rejected. 

Claim Rejections - 35 USC §102 or 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1,4, 6-9, 30-31 , 34-36, 40-41 and 43-46 are rejected under 35 U.S.C. 102(e) 
as anticipated by or, in the alternative, under 35 U.S.C. 103(a) as obvious over 
Daruwalla (USPN 6693878). 
10. Although, as per claims 30-31, 34-36, 40-41 and 43-46, the limitation are 
substantially similar to previously discussed limitations, Daruwalla does not 
expressly teaches separating computer code to separate instructions (i.e. a first set 
of instruction ... configured to assign a security group a second set of 
instructions ... configured to classify said packet based on said SGI, etc.). However, 
a set or subset of the code offering the functionalities discussed above meet the 
corresponding set of instructions that are mapped to particular functionalities in 
claims 30-31 and 34-36. Furthermore, stages and sections cited in claims 1, 4, 6-8 
as well as (as best understood) the means cited in claims 40-41 and 43-46 are also 
equated to the set/subset of instructions and (in case of claims 1 , 4, 6-8 elements) 
performing the functionalities of the corresponding limitations cited in claims 1, 4, 6- 
8, 40-41 and 43-46 and, as a result, meet the claimed limitation. 
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1 1 .Additionally, it is noted that even if one would insist that the computer code 
instructions (/means/elements such as stages and sections) would expressly be 
separately identified, grouping and separating computer code according to a 
particular functionalities is old and well known in the art of computing (see Object 
Oriented Programming, for example) and grouping/separating the code instructions 
(/means/elements such as stages and sections) according to particular 
functionalities such as cited in claims 30-31 and 34-36 (and 40-41 and 43-46) would 
have been an obvious design choice offering the benefit of improved reliability and 
maintainability. 

12. As per claim 4, not only a skilled artisan would recognize that packets are forwarded 
base on information in pocket headers but Daruwalla expressly teaches a group 
identifier being placed in a packet header (see Daruwalla's col. 15 lines 12-14). 

1 3. As per claims 6-8, the exemplary device as shown in Fig. 11 implementing 
Daruwalla's invention meets the limitation of a single router and memory storing the 
previously discussed accessed ACLs meets a lookup unit. Additionally, a skilled 
artisan would recognize that data in memory is accessed/retrieved by an index (i.e. a 
pointer, memory address) and the entity storing and retrieving/generating the index 
meets the limitation of a content-addressable memory. 

14. As per claim 9, SID1-n and VPN1-Z entries in Fig. 7 meet the limitation of security 
group identifiers and tunnel identifiers, respectively. 

Claim Rejections - 35 USC § 103 
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Claims 17-19, 27-29, 37-39 and 47-49 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Daruwalla (USPN 6693878) in view of Hamma (USPUB 
2004/0202171). 

Daruwalla teaches forwarding to/receiving by packets via VPN an egress router as 
discussed above. 

15. As per claims 17-18, 27-28, 37-38 and 47-48 Daruwalla does not expressly disclose 
determining whether said packet can be forwarded by the egress router based on 
the SGI, a destination of the packet and an identifier of the tunnel . However, in 
analogous art, Hamma teaches determining whether a packet can be forwarded by 
the egress router based on the SGI, a destination of the packet and an identifier of 
the tunnel (The user router CPE A 214 transmits a VLAN packet PKT1 that has been 
tagged with VID=101 . When the packet PKT1 enters the edge router PE A 21 1 , the 
latter generates an MPLS packet PKT2 by removing the tag and adding, in place of 
the tag, a VPN label (=26: the VPN identifier of Enterprise A) and a forwarding label 
(=push label), and sends the packet PKT2 to the MPLS network 200. The MPLS 
packet PKT2 subsequently arrives at the target receive-side edge router PE C 213 
along the preset route through the MPLS network while its forwarding label is 
replaced. The receive-side edge router PE C 213 creates a VLAN packet PKT3 by 
removing the labels and adding a VLAN identifier (VID=1501) to which the 
destination user router CPE C belongs and then sends this packet to the VLAN 
specified by VID=1501 . As a result, the VLAN packet PKT3 arrives at the user 
router 231 . see Hamma. para 93 for example ). It would have been obvious to one of 
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ordinary skill in the art at the time of applicant's invention to configure Daruwalla's 
system to include determining whether said packet can be forwarded by the egress 
router based on the SGI, a destination of the packet and an identifier of the tunnel as 
taught by Daruwalla. One of ordinary skill in the art would have been motivated to 
perform such a modification in order to prevent terminal devices of one VPN 
accessing terminals of another VPN. 
1 6. As per claims 1 9, 29, 39 and 49, the VLAN ID and VPN label conversion table 1 24 
(as shown in Fig. 9 and detailed in Fig. 4) meets the limitation of ACL and clearly in 
order to translate VPN label to VID (VLAN ID) the copied VPN would have to be 
used as an index (Note the teaching in Hamma's paragraph 99: The receive-side 
edge router checks to see whether the MPLS packet has arrived (step 31 1 ). If the 
MPLS packet has arrived, the edge router removes the forwarding label attached as 
Layer 1 (step 312). Next, the edge router extracts the Layer-2 VPN label (step 313), 
refers to the table 124 indicating the correspondence between the VLAN ID (=VID) 
and VPN label (step 314) and checks to see whether the VID has been found (step 
31 5). If the VID has not been found, the edge router discards the packet. If the VID 
has been found, however, the edge router removes the Layer-2 label and adds a tag 
that contains the VID to create a VLAN packet (step 316). Next, the edge router 
refers to the VPN label table 124 to find the output interface and sends the VLAN 
packet to this interface (step 317). The destination user router CPE C receives the 
VLAN packet and executes predetermined processing (step 318)). 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

/Peter Poltorak/ 
Examiner, Art Unit 2434 



